1. Field of the Invention
The field of the invention relates to computer network and computer systems, and more particularly, to systems and methods for updating content detection modules.
2. Background
The generation and spreading of computer viruses are major problems in computer systems and computer networks. A computer virus is a program that is capable of attaching to other programs or sets of computer instructions, replicating itself, and/or performing unsolicited or malicious actions on a computer system. Viruses may be embedded in email attachments, files downloaded from Internet, and macros in MS Office files. The damage that can be done by a computer virus may range from mild interference with a program, such as a display of unsolicited messages or graphics, to complete destruction of data on a user's hard drive or server.
To provide protection from viruses, most organizations have installed virus scanning software on computers in their network. However, these organizations may still be vulnerable to a virus attack until every host in their network has received updated anti-virus software. With new attacks reported almost weekly, organizations are constantly exposed to virus attacks, and spend significant resources ensuring that all hosts are constantly updated with new antivirus information. For example, with existing content detection software, a user may have to request for a download of a new virus signature in order to enable the content detection software to detect new virus that has been created since the last update. If a user delays in downloading the new virus signature, the content detection software would be unable to detect the new virus. Also, with existing content detection systems, new virus signatures are generally not made available shortly after they are discovered. As such, a computer mat be subjected to attack by the new virus until the new virus signature is available and is downloaded by a user.
Besides virus attacks, many organizations also face the challenge of dealing with inappropriate content, such as email spam, misuse of networks in the form of browsing or downloading inappropriate content, and use of the network for non-productive tasks. Many organizations are struggling to control access to appropriate content without unduly restricting access to legitimate material and services. Currently, the most popular solution for blocking unwanted web activity is to block access to a list of banned or blacklisted web sites and pages based on their URLs. However, as with virus scanning, the list of blocked URL requires constant updating. If a user delays in downloading the list of URL, or if the list of URL is not made available soon enough, the content detection software would be unable to detect undesirable content, such as web pages.
Many email spam elimination systems also use blacklists (spammer lists) to eliminate unwanted email messages. These systems match incoming email messages against a list of mail servers that have been pre-identified to be spam hosts, and prevent user access of messages from these servers. However, as with virus scanning, the spammer list also requires constant updating. If a user delays in downloading the spammer list, or if the spammer list is not made available soon enough, the content detection software would be unable to detect undesirable content.